Question

Problems with OAuth2.0 authentication using the REST sender with "Scope" functionality



Hello,

We have a number of outbound integrations that were using the REST sender with Client Credentials authentication towards the Azure platform; they were working properly before.
Now, the endpoints at Azure have been moved to a new version and they have been configured using the OAuth2.0 “Scope” parameter that is not available in the Client Credentials data inside the routing address (IFS Connect).
We tried to add the Scope parameter in the “Token Endpoint Parameters” like: Scope=xxxxx; we also tried to add the Scope into the “Additional Headers” like Scope=xxxxx. Neither of them worked. We get an error when invoking the endpoint; error message:


"ExecutionException from Sender thread
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Error while trying to get the Oauth access token
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: https://login.microsoftonline.com/74c901f0-6a97-4cfa-8505-9542ce009b27/oauth2/v2.0/token"

 

The customer gave us a Postman collection and it works fine from there, since there is a “Scope” parameter/functionality in the OAuth2.0 Postman client.

Any help appreciated!

Kind regards,

Hani

 


3 replies


@Hani did you manage to find a solution for this? I also came across this issue.


Hi Hani,

some things you may want to try:
 

You may want to have a read here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc#client-credentials-grant-flow-and-default

If you believe that there is a bug in the application you could also try raising a support case to get it investigated.

 

Best regards
Roman


Hi @Hani 

 

I also had the same problem and more details can be found here: Token request problem in Client Credentials flow | IFS Community

 

The problem is not with the scope. Actually, if you put scope=xxx in Token Endpoint Parameters, it will be added to the token request body.

 

The problem is that the IFS token request in the client credentials flow is faulty: the client id and secret are added both in the request auth header and in the body. According to the RFC doc, client_id in the payload is required only for the authorization_code grant type. For other grant types it’s optional. Nothing was mentioned about the client_secret.

RFC 6749 - The OAuth 2.0 Authorization Framework (ietf.org)

 

We spent many hours on this and finally compared the token request from Postman with the one from IFS and confirmed that this was the reason for getting the 400 status code for the token request.

 

As mentioned in the above topic, this problem was found in Apps10 and in cloud 22R2. Therefore I think it is an unsolved bug.

 

Hope it helps, and I would like someone from RnD to explain if there’s a way to make the client credentials flow work.

 

Cheers!

Damith
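
The comparison described in the answer above can be automated. The following is an added example, not part of the thread and not IFS code: it lints a captured token request for the duplicated client authentication described above (RFC 6749 section 2.3 says a client must not use more than one authentication method per request) and for a scope parameter that is missing or not spelled in lowercase. The function names, client id, secret and scope value are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode


def build_token_request(client_id, client_secret, scope, use_basic_auth=True):
    """Build headers and form body with client credentials in one place only."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials", "scope": scope}
    if use_basic_auth:
        raw = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    else:
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)


def lint_token_request(headers, body):
    """Return findings for a captured token request (headers dict, form body)."""
    form = parse_qs(body, keep_blank_values=True)
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    has_basic = auth.lower().startswith("basic ")
    findings = []
    if has_basic and "client_secret" in form:
        findings.append("client credentials sent in both Authorization header and body")
    if not has_basic and "client_secret" not in form:
        findings.append("no client authentication present")
    if "scope" not in form:
        wrong = [k for k in form if k.lower() == "scope"]
        findings.append(f"parameter {wrong[0]!r} should be lowercase 'scope'" if wrong
                        else "no scope parameter in body")
    if form.get("grant_type") != ["client_credentials"]:
        findings.append("grant_type is not client_credentials")
    return findings


# Constructed sample resembling the faulty request described in the thread.
SAMPLE_HEADERS = {"Authorization": "Basic " + base64.b64encode(b"app-id:s3cret").decode()}
SAMPLE_BODY = ("grant_type=client_credentials&client_id=app-id&client_secret=s3cret"
               "&Scope=api%3A%2F%2Fexample%2F.default")

if __name__ == "__main__":
    print(lint_token_request(SAMPLE_HEADERS, SAMPLE_BODY))
    print(lint_token_request(*build_token_request("app-id", "s3cret", "api://example/.default")))
```

Feed it the headers and body captured from the failing sender and from the working Postman call to see which of the two differences applies.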

 
